From 13aae7d532493f70ca9a76a6dad5e524994d2f6b Mon Sep 17 00:00:00 2001
From: Sanne Raymaekers <sanne.raymaekers@gmail.com>
Date: Wed, 15 May 2024 10:13:39 +0200
Subject: [PATCH] templates/packer: invert tag logic

With the rpmcopy or rpmrepo_osbuild tags, the `Install worker rpm` stage
got skipped on RHEL and CI. Invert the tag logic and use `--tags`
instead of `--skip-tags`.
---
 .../ansible/roles/common/tasks/main.yml       |  2 ++
 .../ansible/roles/common/tasks/packages.yml   | 34 ++++++++++++++-----
 .../ansible/roles/common/tasks/subscribe.yml  |  6 ++--
 .../ansible/roles/common/tasks/unregister.yml |  2 +-
 .../roles/common/tasks/worker-config.yml      |  4 +++
 .../tasks/worker-initialization-service.yml   | 12 +++++++
 templates/packer/variables.pkr.hcl            |  2 +-
 templates/packer/worker.pkr.hcl               |  2 +-
 tools/appsre-build-fedora-worker-packer.sh    |  2 +-
 tools/appsre-build-worker-packer.sh           |  4 +--
 tools/ci-build-worker-packer.sh               |  4 +--
 11 files changed, 54 insertions(+), 20 deletions(-)

diff --git a/templates/packer/ansible/roles/common/tasks/main.yml b/templates/packer/ansible/roles/common/tasks/main.yml
index dbf7624819..a5686214c5 100644
--- a/templates/packer/ansible/roles/common/tasks/main.yml
+++ b/templates/packer/ansible/roles/common/tasks/main.yml
@@ -16,4 +16,6 @@
 - include_tasks: unregister.yml
 
 - name: Ensure SELinux contexts are updated
+  tags:
+    - always
   command: restorecon -Rv /etc
diff --git a/templates/packer/ansible/roles/common/tasks/packages.yml b/templates/packer/ansible/roles/common/tasks/packages.yml
index 910107e2f0..26b79bcc99 100644
--- a/templates/packer/ansible/roles/common/tasks/packages.yml
+++ b/templates/packer/ansible/roles/common/tasks/packages.yml
@@ -2,7 +2,7 @@
 
 - name: Add osbuild-composer repository
   tags:
-    - rpmrepo_composer
+    - ci
   yum_repository:
     name: "composer"
     description: "osbuild-composer commit {{ COMPOSER_COMMIT }}"
@@ -13,8 +13,8 @@
 
 - name: Add osbuild repository
   tags:
-    - rpmrepo_osbuild
-    - rpmcopr
+    - ci
+    - fedora
   yum_repository:
     name: "osbuild"
     description: "osbuild commit {{ osbuild_commit }}"
@@ -26,6 +26,8 @@
   when: osbuild_commit is defined
 
 - name: Upgrade all packages
+  tags:
+    - always
   package:
     name: "*"
     state: latest
@@ -34,11 +36,15 @@
   until: result is success
 
 - name: Add Vector repo
+  tags:
+    - always
   copy:
     src: "{{ playbook_dir }}/roles/common/files/timber-vector.repo"
     dest: /etc/yum.repos.d/
 
 - name: Install required packages
+  tags:
+    - always
   package:
     name:
       - jq
@@ -49,6 +55,8 @@
   until: result is success
 
 - name: Download AWS CLI installer
+  tags:
+    - always
   get_url:
     url: "https://awscli.amazonaws.com/awscli-exe-linux-{{ ansible_architecture }}.zip"
     dest: /tmp/awscli.zip
@@ -57,15 +65,21 @@
   until: result is success
 
 - name: Unpack AWS CLI installer
+  tags:
+    - always
   unarchive:
     src: /tmp/awscli.zip
     dest: /tmp
     remote_src: yes
 
 - name: Run AWS installer
+  tags:
+    - always
   command: /tmp/aws/install
 
 - name: Cleanup AWS installer
+  tags:
+    - always
   file:
     path: "{{ item }}"
     state: absent
@@ -75,7 +89,7 @@
 
 - name: Create rpmbuild directory
   tags:
-    - rpmcopy
+    - rhel
   file:
     path: "{{ item }}"
     state: directory
@@ -85,7 +99,7 @@
 
 - name: Push rpms
   tags:
-    - rpmcopy
+    - rhel
   ansible.posix.synchronize:
     mode: push
     src: "{{ playbook_dir }}/roles/common/files/rpmbuild/{{ ansible_architecture }}/RPMS"
@@ -93,7 +107,7 @@
 
 - name: Add repo config
   tags:
-    - rpmcopy
+    - rhel
   copy:
     dest: /etc/yum.repos.d/osbuild.repo
     content: |
@@ -106,8 +120,8 @@
 
 - name: Install worker rpm
   tags:
-    - rpmcopy
-    - rpmrepo_osbuild
+    - ci
+    - rhel
   package:
     name:
       - osbuild-composer-worker
@@ -115,7 +129,7 @@
 
 - name: Install worker rpm from copr
   tags:
-    - rpmcopr
+    - fedora
   shell: |
     dnf copr enable -y @osbuild/osbuild-composer
     COMPOSER_COMMIT_SHORT=$(echo {{ COMPOSER_COMMIT }} | head -c 9)
@@ -128,6 +142,8 @@
     dnf install -y $COMPOSER_RPMS
 
 - name: Cleanup rpmbuild dir
+  tags:
+    - always
   file:
     path: "{{ item }}"
     state: absent
diff --git a/templates/packer/ansible/roles/common/tasks/subscribe.yml b/templates/packer/ansible/roles/common/tasks/subscribe.yml
index 6291bd7b2c..2988344555 100644
--- a/templates/packer/ansible/roles/common/tasks/subscribe.yml
+++ b/templates/packer/ansible/roles/common/tasks/subscribe.yml
@@ -3,7 +3,7 @@
 # the packer instances (RHUI, which might be older).
 - name: Subscribe
   tags:
-    - subscribe
+    - rhel
   community.general.redhat_subscription:
     activationkey: "{{ RH_ACTIVATION_KEY }}"
     org_id: "{{ RH_ORG_ID }}"
@@ -14,14 +14,14 @@
 - name: Enable repo mgmt through subman
   become: yes
   tags:
-    - subscribe
+    - rhel
   shell: >-
     subscription-manager config --rhsm.manage_repos 1
 
 - name: Enable cdn repos
   become: yes
   tags:
-    - subscribe
+    - rhel
   shell: >-
     subscription-manager repos \
       --enable rhel-9-for-{{ ansible_architecture }}-appstream-rpms \
diff --git a/templates/packer/ansible/roles/common/tasks/unregister.yml b/templates/packer/ansible/roles/common/tasks/unregister.yml
index ba7acc23a1..f2399fa0d3 100644
--- a/templates/packer/ansible/roles/common/tasks/unregister.yml
+++ b/templates/packer/ansible/roles/common/tasks/unregister.yml
@@ -3,6 +3,6 @@
 - name: Unregister
   become: yes
   tags:
-    - subscribe
+    - rhel
   shell: >-
     subscription-manager unregister
diff --git a/templates/packer/ansible/roles/common/tasks/worker-config.yml b/templates/packer/ansible/roles/common/tasks/worker-config.yml
index f8773c5fcc..413c245cd1 100644
--- a/templates/packer/ansible/roles/common/tasks/worker-config.yml
+++ b/templates/packer/ansible/roles/common/tasks/worker-config.yml
@@ -1,11 +1,15 @@
 ---
 
 - name: Create osbuild-worker config directory
+  tags:
+    - always
   file:
     path: /etc/osbuild-worker/
     state: directory
 
 - name: Copy worker config stub
+  tags:
+    - always
   copy:
     src: "{{ playbook_dir }}/roles/common/files/osbuild-worker.toml"
     dest: /etc/osbuild-worker/osbuild-worker.toml
diff --git a/templates/packer/ansible/roles/common/tasks/worker-initialization-service.yml b/templates/packer/ansible/roles/common/tasks/worker-initialization-service.yml
index 98218d833a..02bb7aba13 100644
--- a/templates/packer/ansible/roles/common/tasks/worker-initialization-service.yml
+++ b/templates/packer/ansible/roles/common/tasks/worker-initialization-service.yml
@@ -1,22 +1,30 @@
 ---
 
 - name: Copy worker initialization service
+  tags:
+    - always
   copy:
     src: "{{ playbook_dir }}/roles/common/files/worker-initialization.service"
     dest: /etc/systemd/system/
 
 - name: Enable worker initialization service
+  tags:
+    - always
   systemd:
     name: worker-initialization.service
     enabled: yes
     daemon_reload: yes # make sure the new service is loaded before enabling it
 
 - name: Create a directory for initialization scripts
+  tags:
+    - always
   file:
     path: /usr/local/libexec/worker-initialization-scripts
     state: directory
 
 - name: Copy scripts used by the initialization service
+  tags:
+    - always
   copy:
     src: "{{ item }}"
     dest: /usr/local/libexec/worker-initialization-scripts
@@ -25,11 +33,15 @@
     - "{{ playbook_dir }}/roles/common/files/worker-initialization-scripts/*"
 
 - name: Copy worker executor service
+  tags:
+    - always
   copy:
     src: "{{ playbook_dir }}/roles/common/files/worker-executor.service"
     dest: /etc/systemd/system/
 
 - name: Enable worker executor service
+  tags:
+    - always
   systemd:
     name: worker-executor.service
     enabled: yes
diff --git a/templates/packer/variables.pkr.hcl b/templates/packer/variables.pkr.hcl
index a69c402bff..7d00d3567b 100644
--- a/templates/packer/variables.pkr.hcl
+++ b/templates/packer/variables.pkr.hcl
@@ -33,7 +33,7 @@ variable "image_users" {
 }
 
 # Skip ansible tags
-variable "ansible_skip_tags" {
+variable "ansible_tags" {
   type = string
   default = ""
 }
diff --git a/templates/packer/worker.pkr.hcl b/templates/packer/worker.pkr.hcl
index 03a9ce3b1d..53b3208508 100644
--- a/templates/packer/worker.pkr.hcl
+++ b/templates/packer/worker.pkr.hcl
@@ -174,7 +174,7 @@ EOF
       "-e", "COMPOSER_COMMIT=${var.composer_commit}",
       "-e", "RH_ACTIVATION_KEY=${var.rh_activation_key}",
       "-e", "RH_ORG_ID=${var.rh_org_id}",
-      "--skip-tags", "${var.ansible_skip_tags}",
+      "--tags", "${var.ansible_tags}",
     ]
     inventory_directory = "${path.root}/ansible/inventory/${source.name}"
   }
diff --git a/tools/appsre-build-fedora-worker-packer.sh b/tools/appsre-build-fedora-worker-packer.sh
index 2f83bead6f..85d91af2a3 100755
--- a/tools/appsre-build-fedora-worker-packer.sh
+++ b/tools/appsre-build-fedora-worker-packer.sh
@@ -7,7 +7,7 @@ export SKIP_CREATE_AMI=false
 export BUILD_RPMS=false
 # Fedora community workers use osbuild form rpmrepo + composer from
 # copr, as the osbuild rpms from copr disappear too quickly.
-export SKIP_TAGS="rpmrepo_composer,rpmcopy,subscribe"
+export ANSIBLE_TAGS="fedora"
 FEDORA=fedora-38
 export PACKER_ONLY_EXCEPT=--only=amazon-ebs."$FEDORA"-x86_64,amazon-ebs."$FEDORA"-aarch64
 COMMIT_SHA="${COMMIT_SHA:-$(git rev-parse HEAD)}"
diff --git a/tools/appsre-build-worker-packer.sh b/tools/appsre-build-worker-packer.sh
index 3494c737d7..936937952b 100755
--- a/tools/appsre-build-worker-packer.sh
+++ b/tools/appsre-build-worker-packer.sh
@@ -7,7 +7,7 @@ COMMIT_BRANCH="${COMMIT_BRANCH:-$(git rev-parse --abbrev-ref HEAD)}"
 SKIP_CREATE_AMI="${SKIP_CREATE_AMI:-false}"
 BUILD_RPMS="${BUILD_RPMS:-true}"
 # RHEL workers build their own rpms.
-SKIP_TAGS="${SKIP_TAGS:-rpmrepo_composer,rpmrepo_osbuild,rpmcopr}"
+ANSIBLE_TAGS="${ANSIBLE_TAGS:-rhel}"
 # Build rhel only
 PACKER_ONLY_EXCEPT="${PACKER_ONLY_EXCEPT:---only=amazon-ebs.rhel-9-x86_64,amazon-ebs.rhel-9-aarch64}"
 
@@ -102,7 +102,7 @@ $CONTAINER_RUNTIME run --rm \
                    -e PKR_VAR_aws_secret_key="$PACKER_AWS_SECRET_ACCESS_KEY" \
                    -e PKR_VAR_image_name="osbuild-composer-worker-$COMMIT_BRANCH-$COMMIT_SHA" \
                    -e PKR_VAR_composer_commit="$COMMIT_SHA" \
-                   -e PKR_VAR_ansible_skip_tags="$SKIP_TAGS" \
+                   -e PKR_VAR_ansible_tags="$ANSIBLE_TAGS" \
                    -e PKR_VAR_skip_create_ami="$SKIP_CREATE_AMI" \
                    -e PKR_VAR_rh_activation_key="$RH_ACTIVATION_KEY" \
                    -e PKR_VAR_rh_org_id="$RH_ORG_ID" \
diff --git a/tools/ci-build-worker-packer.sh b/tools/ci-build-worker-packer.sh
index 96cf2bf408..105e940ef7 100755
--- a/tools/ci-build-worker-packer.sh
+++ b/tools/ci-build-worker-packer.sh
@@ -7,7 +7,7 @@ COMMIT_BRANCH=$(git rev-parse --abbrev-ref HEAD)
 SKIP_CREATE_AMI=false
 BUILD_RPMS=false
 # Use prebuilt rpms on CI
-SKIP_TAGS="rpmcopy,rpmcopr,subscribe"
+ANSIBLE_TAGS="ci"
 
 if [ -n "$CI_COMMIT_SHA" ]; then
     COMMIT_SHA="$CI_COMMIT_SHA"
@@ -30,5 +30,5 @@ else
     PACKER_ONLY_EXCEPT=--except=amazon-ebs.dummy
 fi
 
-export COMMIT_SHA COMMIT_BRANCH SKIP_CREATE_AMI BUILD_RPMS SKIP_TAGS PACKER_ONLY_EXCEPT
+export COMMIT_SHA COMMIT_BRANCH SKIP_CREATE_AMI BUILD_RPMS ANSIBLE_TAGS PACKER_ONLY_EXCEPT
 tools/appsre-build-worker-packer.sh